Securing the customer portal

by geralt @pixaby

You are running a portal where customers can access sensitive data. This could be a stock exchange trading platform, a high-value gaming platform or a portal to register medical data resulting from some kind of field tests or medical studies.

Using only a password would not be secure enough and would not offer enough protection for the sensitive data handled on this platform. A second factor can lastingly improve the security of your customers' data by

  • enabling you to identify the user reliably,
  • making it hard for an attacker to gather login information by phishing, keyloggers or trojans
  • and preventing access to the data even if the password database were stolen.

But your customers are spread nationwide or even worldwide. That is, you need to choose a second factor that is cost-effective and that can be distributed to the users reliably. Further, the second factor must not be compromised during the enrollment process.

The authentication process must also be reliable and robust, since

  • the customers will authenticate from many different kinds of hardware, operating systems and browsers and
  • you need to keep the support calls low in spite of the large number of users.

NetKnights helps you to define processes and choose the products and authentication devices accordingly. In many cases choosing one-time passwords is a good starting point, since they work independently of the user's device. Smartdisplayer OTP cards are flat and can be distributed in normal letters.

Using privacyIDEA you get a management system that can be integrated flexibly into your workflows and that gives you the freedom to choose from a large number of different OTP token types.